Fedora 43 : linux-firmware (2026-2cebf295af)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-2cebf295af
#

include('compat.inc');

if (description)
{
  script_id(284797);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/15");
  script_xref(name:"FEDORA", value:"2026-2cebf295af");

  script_name(english:"Fedora 43 : linux-firmware (2026-2cebf295af)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the
FEDORA-2026-2cebf295af advisory.

    Update to 20260110:

    * update firmware for MT7925 WiFi device
    * mediatek MT7925: update bluetooth firmware to 20260106153314
    * mediatek MT7920: update bluetooth firmware to 20260105151350
    * mediatek MT7922: update bluetooth firmware to 20260106153735
    * update firmware for MT7922 WiFi device
    * Mellanox: Add new mlxsw_spectrum firmware xx.2016.3900
    * amdgpu: Update dcn314, dcn315 firmware to 0.1.42.0
    * qcom: Update DSP firmware for sa8775 platform
    * QCA: Add Bluetooth firmware for QCC2072 uart interface
    * i915: Xe3p_LPD DMC v2.33
    * qcom: Update DSP firmware for qcs8300 platform
    * update firmware for MT7920 WiFi device
    * qcom: Update aic100 firmware files
    * qca: Update Bluetooth WCN6750 1.1.3-00100 firmware to 1.1.3-00105
    * firmware: Revert kernel_boot.elf due to license compliance issue
    * add firmware for an8811hb 2.5G ethernet phy
    * i915: Xe3LPD_3002 DMC v2.28
    * i915: Xe3LPD DMC v2.33
    * intel_vpu: Add firmware for 50xx NPUs and update older ones
    * Update AMD SEV firmware
    * amdgpu: DMCUB updates for various ASICs
    * qcom: venus-5.4: fix ELF segment alignment to 4 bytes
    * mediatek MT7925: update bluetooth firmware to 20251210093205
    * update firmware for MT7925 WiFi device
    * rcar_gen4_pcie: add firmware for Renesas R-Car Gen4 PCIe controller
    * qcom: Update CDSP firmware for qcm6490 platform
    * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x488C_DB55
    * iwlwifi: Add firmware file for Intel Scorpius core
    * rtw89: 8852b: update fw to v0.29.29.15
    * cirrus: cs35l41: Update firmware and tuning for various HP laptops
    * cirrus: cs35l41: Add support for new HP Clipper laptop
    * qcom: drop compatibility a640_zap.mdt symlink
    * qcom: add version for a530v3_gpmu.fw2
    * xe: Update GUC to v70.55.3 for BMG, PTL
    * iwlwifi: add Bz/Sc FW for core101-82 release
    * iwlwifi: Add Sc/Gf firmware for core101-82 release
    * iwlwifi: update ty/So/Ma firmwares for core101-82 release
    * iwlwifi: update cc/Qu/QuZ firmwares for core101-82 release
    * amdgpu: DMCUB updates for various ASICs
    * qcom: Add firmwares for sm8150/sm8450/sm8550/sm8650/sm8750 GPUs
    * ath10k: WCN3990 hw1.0: update board-2.bin
    * ath10k: QCA9888 hw2.0: update board-2.bin
    * ath10k: QCA4019 hw1.0: update board-2.bin
    * cirrus: cs35l41: Add support for new HP laptops
    * Revert amdgpu: update GC 11.5.0 firmware
    * Update amd-ucode copyright information
    * Update AMD cpu microcode
    * Update firmware file for Intel Scorpius core
    * Update firmware file for Intel BlazarIGfP core
    * Update firmware file for Intel BlazarI core
    * Update firmware file for Intel BlazarU-HrPGfP core
    * Update firmware file for Intel BlazarU core
    * ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04866-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
    * ath11k: QCA2066 hw2.1: update board-2.bin
    * qcom: update ADSP firmware for x1e80100 platform, change the license
    * qcom: reorder ADSP, CDSP firmware entries for qcs8300 in WHENCE
    * Reapply amdgpu: update SMU 14.0.3 firmware
    * Revert amdgpu: update SMU 14.0.3 firmware
    * Revert amdgpu: update GC 10.3.6 firmware
    * Revert amdgpu: update GC 11.5.1 firmware
    * update firmware for MT7925 WiFi device
    * mediatek MT7925: update bluetooth firmware to 20251124093155
    * intel_vpu: Update NPU firmware
    * qcom: vpu: update video firmware binary for SM8250
    * xe: Update GUC to v70.54.0 for BMG, PTL

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-2cebf295af");
  script_set_attribute(attribute:"solution", value:
"Update the affected linux-firmware package.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:43");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:linux-firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^43([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 43', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '43',
    'pkgs': [
      {'reference':'linux-firmware-20260110-1.fc43', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-firmware');
}